[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 30 09:10:21 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a93b843 by security tracker role at 2021-09-30T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the  ...)
+	TODO: check
+CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded  ...)
+	TODO: check
+CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded  ...)
+	TODO: check
+CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...)
+	TODO: check
+CVE-2021-41825
+	RESERVED
+CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...)
+	TODO: check
+CVE-2021-41823
+	RESERVED
+CVE-2021-41822
+	RESERVED
+CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...)
+	TODO: check
+CVE-2021-41820
+	RESERVED
+CVE-2021-41819
+	RESERVED
+CVE-2021-41818
+	RESERVED
+CVE-2021-41817
+	RESERVED
+CVE-2021-41816
+	RESERVED
+CVE-2021-41815
+	RESERVED
+CVE-2021-41814
+	RESERVED
+CVE-2021-41813
+	RESERVED
+CVE-2021-41812
+	RESERVED
+CVE-2021-41811
+	RESERVED
+CVE-2021-41810
+	RESERVED
+CVE-2021-41809
+	RESERVED
+CVE-2021-41808
+	RESERVED
+CVE-2021-41807
+	RESERVED
+CVE-2021-41806
+	RESERVED
+CVE-2021-41805
+	RESERVED
+CVE-2021-41804
+	RESERVED
+CVE-2021-41803
+	RESERVED
+CVE-2021-41802
+	RESERVED
+CVE-2021-41801
+	RESERVED
+CVE-2021-41800
+	RESERVED
+CVE-2021-41799
+	RESERVED
+CVE-2021-41798
+	RESERVED
+CVE-2021-41797
+	RESERVED
+CVE-2021-41796
+	RESERVED
+CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through  ...)
+	TODO: check
+CVE-2021-41794
+	RESERVED
+CVE-2021-41793
+	RESERVED
+CVE-2021-41792
+	RESERVED
+CVE-2021-41791
+	RESERVED
+CVE-2021-41790
+	RESERVED
+CVE-2021-41789
+	RESERVED
+CVE-2021-41788
+	RESERVED
+CVE-2021-3840
+	RESERVED
 CVE-2021-41787
 	RESERVED
 CVE-2021-41786
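Review bot: every entry with a description in this hunk is left at "TODO: check", although several already name products that the file's own convention marks "NOT-FOR-US" (see the Eclipse Equinox, OpenWebif and AWS client entries further down): the three Zoho ManageEngine Remote Access Plus issues (two of them hardcoded credentials), PlaceOS Authentication Service, Craft CMS and the 1Password for Mac Safari extension. Triage those first; the remaining TODO worth real attention is CVE-2021-41821 (Wazuh Manager, a remote integer issue per the truncated text), which should be checked against the archive before being closed. Note also that CVE-2021-3840 lands at the end of the CVE-2021-417xx/418xx block; that is expected for the automatic update, but it is easy to miss when scanning by number.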
@@ -1635,8 +1721,8 @@ CVE-2021-41036
 	RESERVED
 CVE-2021-41035
 	RESERVED
-CVE-2021-41034
-	RESERVED
+CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
+	TODO: check
 CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
 	NOT-FOR-US: Eclipse Equinox
 CVE-2021-41032
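Review bot: CVE-2021-41034 is left at "TODO: check" while the adjacent CVE-2021-41033 (Eclipse Equinox) is already "NOT-FOR-US: Eclipse Equinox"; the truncated text only says the build of some Eclipse Che version 6 language stacks "includes pu..." (presumably published secrets), so the full description is needed before deciding whether Che follows the same triage as Equinox.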
@@ -5499,8 +5585,8 @@ CVE-2021-39344
 	RESERVED
 CVE-2021-39343
 	RESERVED
-CVE-2021-39342
-	RESERVED
+CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
+	TODO: check
 CVE-2021-39341
 	RESERVED
 CVE-2021-39340
@@ -8548,7 +8634,7 @@ CVE-2021-3683
 	RESERVED
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
 	NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
-CVE-2021-38112 (In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument  ...)
+CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...)
 	NOT-FOR-US: Amazon AWS client for Windows
 CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
 	NOT-FOR-US: DEF CON 27 badge
@@ -11557,8 +11643,7 @@ CVE-2021-36776
 	RESERVED
 CVE-2021-36775
 	RESERVED
-CVE-2021-3653 [KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl]
-	RESERVED
+CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
 	{DSA-4978-1}
 	- linux 5.14.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
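Review bot: dropping the bracketed working title "[KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl]" loses the only line that names the upstream fix; the MITRE text that replaces it is cut at "SVM nested virtu..." and does not identify the commit. Consider keeping the kernel subject as a NOTE line next to the oss-security link so the entry can still be matched to the fix that went into linux 5.14.6-1 and DSA-4978-1.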
@@ -13597,12 +13682,12 @@ CVE-2021-35947 (The public share controller in the ownCloud server before versio
 	- owncloud <removed>
 CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...)
 	- owncloud <removed>
-CVE-2021-35945
-	RESERVED
-CVE-2021-35944
-	RESERVED
-CVE-2021-35943
-	RESERVED
+CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...)
+	TODO: check
+CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...)
+	TODO: check
+CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...)
+	TODO: check
 CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...)
 	- glibc 2.31-13 (bug #990542)
 	[buster] - glibc <no-dsa> (Minor issue)
@@ -45277,13 +45362,11 @@ CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacke
 	NOT-FOR-US: Concrete CMS
 CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver < ...)
 	NOT-FOR-US: revive-adserver
-CVE-2021-22947 [STARTTLS protocol injection via MITM]
-	RESERVED
+CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 se ...)
 	- curl <unfixed>
 	NOTE: https://curl.se/docs/CVE-2021-22947.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0)
-CVE-2021-22946 [Protocol downgrade required TLS bypassed]
-	RESERVED
+CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...)
 	- curl <unfixed>
 	NOTE: https://curl.se/docs/CVE-2021-22946.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)
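Review bot: both curl entries keep "- curl <unfixed>" even though the "Fixed by" notes already point at the curl-7_79_0 commits and the descriptions bound the affected range at "<= 7.78.0"; once 7.79.0 is in unstable the "<unfixed>" marker should become the fixing version. The visible lines also carry no per-suite annotation, and the STARTTLS injection (CVE-2021-22947) and the required-TLS downgrade (CVE-2021-22946) both affect clients talking to IMAP/POP3 servers over an attacker-controlled network, so the stable suites need an explicit decision rather than being left implicit.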
@@ -81060,8 +81143,8 @@ CVE-2020-20783
 	RESERVED
 CVE-2020-20782
 	RESERVED
-CVE-2020-20781
-	RESERVED
+CVE-2020-20781 (A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?d ...)
+	TODO: check
 CVE-2020-20780
 	RESERVED
 CVE-2020-20779
@@ -82388,14 +82471,14 @@ CVE-2020-20133
 	RESERVED
 CVE-2020-20132
 	RESERVED
-CVE-2020-20131
-	RESERVED
+CVE-2020-20131 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
+	TODO: check
 CVE-2020-20130
 	RESERVED
-CVE-2020-20129
-	RESERVED
-CVE-2020-20128
-	RESERVED
+CVE-2020-20129 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
+	TODO: check
+CVE-2020-20128 (LaraCMS v1.0.1 transmits sensitive information in cleartext which can  ...)
+	TODO: check
 CVE-2020-20127
 	RESERVED
 CVE-2020-20126
@@ -85405,12 +85488,12 @@ CVE-2020-18687
 	RESERVED
 CVE-2020-18686
 	RESERVED
-CVE-2020-18685
-	RESERVED
-CVE-2020-18684
-	RESERVED
-CVE-2020-18683
-	RESERVED
+CVE-2020-18685 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
+	TODO: check
+CVE-2020-18684 (Floodlight through 1.2 has an integer overflow in checkFlow in StaticF ...)
+	TODO: check
+CVE-2020-18683 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
+	TODO: check
 CVE-2020-18682
 	RESERVED
 CVE-2020-18681
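Review bot: CVE-2020-18685 and CVE-2020-18683 have identical visible descriptions ("Floodlight through 1.2 has poor input validation in checkFlow in Stati..."), and CVE-2020-18684 differs only in naming an integer overflow in the same function; when resolving these three "TODO: check" lines confirm from the full text that they are distinct issues and not one problem assigned three IDs, and record the distinguishing detail in the entry so the triage is reproducible.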
@@ -102128,8 +102211,8 @@ CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM120
 	NOT-FOR-US: Baxter
 CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...)
 	NOT-FOR-US: FactoryTalk View SE
-CVE-2020-12030
-	RESERVED
+CVE-2020-12030 (There is a flaw in the code used to configure the internal gateway fir ...)
+	TODO: check
 CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of  ...)
 	NOT-FOR-US: FactoryTalk View SE
 CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...)
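Review bot: CVE-2020-12030 is the only entry in this run of FactoryTalk View SE issues without a product name in the visible text ("a flaw in the code used to configure the internal gateway fir..."), so it cannot be triaged from the truncated description; its neighbours are all "NOT-FOR-US: FactoryTalk View SE", which suggests the same vendor, but that should be verified from the full CVE text before copying the NOT-FOR-US marker.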



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a93b8437f603931135c300c7e7a9cf9a350ef22
